ABOUT SYMANTEC

Press Release

Symantec Solutions Achieve Common Criteria Certifications

Federal Information Processing Standard Validations Also Confirmed

MOUNTAIN VIEW, Calif. – May 9, 2012 – Symantec Corp. (NASDAQ: SYMC) today announced Symantec Data Loss Prevention, Symantec Control Compliance Suite and Risk Automation Suite have achieved Common Criteria certification at Evaluation Assurance Level 3 (EAL3+) under the Common Criteria Information Technology Security Evaluation (CC). These follow the recent certification of Symantec’s VeriSign eToken series, which achieved a Common Criteria certification at EAL4+, the highest assurance level recognized globally under the Common Criteria Recognition Agreement for high and consistent standards in this type of product profile.


In addition, the Java Cryptographic Module for Symantec Data Loss Prevention and Symantec Cross-Platform Cryptographic Module for Symantec Security Information Manager were validated to Federal Information Processing Standard (FIPS) 140-2 for security requirements for cryptographic modules under certification. FIPS are requirements issued by the National Institute of Standards and Technology (NIST) that apply to federal government computer systems.


Common Criteria certification verifies that the software has completed a rigorous independent testing process of specification, implementation and evaluation, and conforms to standards sanctioned by the International Standards Organization (ISO/IEC 15408). The testing is managed by an independent evaluation firm and is recognized by public sector security authorities and organizations with high-level security requirements for its expertise and adherence to published international security regulations. It’s an important worldwide evaluation for security products and is recognized in 20 countries around the world including the United States, United Kingdom, Canada, Germany and Australia. Solutions that receive Common Criteria certification are considered to exhibit high levels of security, minimizing risk for the organizations that use them. This is exceedingly important within the government sector, a primary focus of Symantec.


Symantec Control Compliance Suite, the company’s enterprise-class IT governance, risk and compliance (GRC) solution, provides a comprehensive compliance and risk management solution that enables security leaders to communicate IT risk in business-relevant terms, prioritize remediation efforts based on business criticality, and automate time-consuming manual assessment processes to improve their organization’s overall security and compliance posture while reducing cost and complexity.


Symantec Data Loss Prevention’s Common Criteria and FIPS certifications provide U.S. federal government agencies and the organizations that do business with them an objective assessment for reliably qualifying the security of the solution. Symantec’s market-leading DLP solution delivers a proven, content-aware solution to discover, monitor, protect and manage confidential data wherever it is stored or used. It allows organizations to measurably reduce their risk of a data breach, demonstrate regulatory compliance and safeguard customer privacy, brand equity and intellectual property.


“Government agencies increasingly need to protect sensitive intellectual property and manage IT risk in a complex and increasingly at-risk environment,” said Gigi Schumm, vice president and general manager of Symantec's Public Sector organization. “These certifications are a testament to our unwavering commitment to provide customers with the most secure solutions available for their mission-critical IT resources.”


Symantec Corporation Worldwide Public Sector Enablement Program is committed to providing IT security products that provide significant value to private and public sector customers. As part of that program, Symantec is continuously improving its internal development efforts and business processes to ensure that it meets and/or exceeds requirements from Common Criteria, Federal Information Processing Standard (FIPS), CEGS/CAPS, VPAT/Section 508, Security Technical Implementation Guide (STIG), Security Content Automation Program (SCAP), and other local, state, government, and worldwide requirements. Additionally, Symantec maintains active participation in various government working groups and policy development organizations.


About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.


Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.


Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.


Forward-looking Statements: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.